I have just started testing and learning syslog-ng; my server configuration is really basic:
Q: Can I filter the incoming logs (and mark them on the client), so that I don't have to open a separate port for each log?
#-----------------------------------Source---------------------------------
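# Listener for the Apache access-log stream.
# The sender forwards with the syslog() destination driver, i.e. IETF-syslog
# (RFC 5424) with octet-counted framing over TCP. The tcp() source expects legacy
# BSD-syslog lines, so the frame length and the "<13>1 ..." header are stored as
# part of the message text (the "133 <13>1 2017-..." prefix in the stored sample
# line is consistent with this). The syslog() source parses that format.
# NOTE(review): plain TCP - no encryption and no sender authentication. Any host
# that can reach this port can write into the destination files; restrict the
# port to the web server and consider transport("tls") with a tls() block,
# changed on both ends together.
source s_network_testweb01_access {
    syslog(
        ip(192.168.56.48)
        port("16601")
        transport("tcp")
    );
};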
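# Listener for the Apache error-log stream.
# The sender uses the syslog() destination driver (IETF-syslog, octet-counted
# framing over TCP); the tcp() source expects legacy BSD-syslog lines and would
# leave the frame length and RFC 5424 header inside the message text. The
# syslog() source parses the format the sender actually emits.
# NOTE(review): plain TCP - no encryption and no sender authentication. Restrict
# the port to the web server and consider transport("tls") with a tls() block,
# changed on both ends together.
source s_network_testweb01_error {
    syslog(
        ip(192.168.56.48)
        port("16602")
        transport("tcp")
    );
};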
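# Listener for the Apache referer-log stream.
# The sender uses the syslog() destination driver (IETF-syslog, octet-counted
# framing over TCP); the tcp() source expects legacy BSD-syslog lines and would
# leave the frame length and RFC 5424 header inside the message text. The
# syslog() source parses the format the sender actually emits.
# NOTE(review): plain TCP - no encryption and no sender authentication. Restrict
# the port to the web server and consider transport("tls") with a tls() block,
# changed on both ends together.
source s_network_testweb01_referer {
    syslog(
        ip(192.168.56.48)
        port("16603")
        transport("tcp")
    );
};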
#------------------------------------Destination--------------------------
# Writes the access-log stream to a per-host "current" file and to a dated
# archive file.
# NOTE(review): the "...." line inside this block is an elision left by the
# author, not syslog-ng syntax; whatever it stands for is not shown.
destination d_apache_access_testweb01 {
# Current file, one per value of $FULLHOST. Files are root:adm with mode 0640;
# missing directories are created and owned by root:adm.
# NOTE(review): whether $FULLHOST comes from the connection or from the message
# header depends on keep-hostname()/chain-hostnames(), which are not shown. If a
# sender can supply it, the sender chooses the file name and can multiply the
# number of files created - confirm before the listener is reachable from
# untrusted hosts.
file("/var/log/syslog-ng/apache2/$FULLHOST.access"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_access"));
....
# Archive copy. The R_* macros are the time the message was received, so the
# year/month/day layout follows the receiver's clock, not the sender's timestamp.
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.access.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_access_archive"));
};
# Writes the error-log stream to a per-host "current" file and to a dated
# archive file.
# NOTE(review): the "...." line inside this block is an elision left by the
# author, not syslog-ng syntax; whatever it stands for is not shown.
destination d_apache_error_testweb01 {
# Current file, one per value of $FULLHOST; root:adm, mode 0640, directories
# created on demand as root:adm.
# NOTE(review): if $FULLHOST can be supplied by the sender (depends on
# keep-hostname()/chain-hostnames(), not shown), the sender influences the file
# name - confirm.
file("/var/log/syslog-ng/apache2/$FULLHOST.error"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_error"));
....
# Archive copy, bucketed by receive time (R_* macros), i.e. by the receiver's clock.
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.error.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_error_archive"));
};
# Writes the referer-log stream to a per-host "current" file and to a dated
# archive file.
# NOTE(review): the "...." line inside this block is an elision left by the
# author, not syslog-ng syntax; whatever it stands for is not shown.
destination d_apache_referer_testweb01 {
# Current file, one per value of $FULLHOST; root:adm, mode 0640, directories
# created on demand as root:adm.
# NOTE(review): if $FULLHOST can be supplied by the sender (depends on
# keep-hostname()/chain-hostnames(), not shown), the sender influences the file
# name - confirm.
file("/var/log/syslog-ng/apache2/$FULLHOST.referer"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_referer"));
....
# Archive copy, bucketed by receive time (R_* macros), i.e. by the receiver's clock.
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.referer.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_referer_archive"));
};
#---------------------Connections--------------------------
# Log paths on the receiver: each per-port listener feeds exactly one file
# destination, so the log type is decided by the port a message arrived on
# rather than by anything inside the message.
log {
    source(s_network_testweb01_access);
    destination(d_apache_access_testweb01);
};

log {
    source(s_network_testweb01_error);
    destination(d_apache_error_testweb01);
};

log {
    source(s_network_testweb01_referer);
    destination(d_apache_referer_testweb01);
};
Jun 8 08:20:11 192.168.7.30 133 <13>1 2017-06-08T08:20:11+02:00 testweb01 - - - [meta sequenceId="24"] :1 - - [08/Jun/2017:08:20:10 +0200] "GET / HTTP/1.1" 200 3004
#Log sources
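# Tails the Apache error log and passes each line on as the message text.
# Apache error lines are not syslog-formatted. Without flags(no-parse) the
# file() source runs every line through the syslog parser, which may
# misinterpret or strip the start of the line; no-parse keeps the whole line
# as the message.
# NOTE(review): to carry several logs over one port, a tag such as
# program-override("apache_error") could be set here and matched with a
# program() filter on the receiver.
source s_apache_error {
    file("/var/log/apache2/error_testweb_log"
        follow-freq(1)      # check the file for new lines every second
        flags(no-parse)
    );
};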
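# Tails the Apache access log and passes each line on as the message text.
# Access-log lines are not syslog-formatted. Without flags(no-parse) the file()
# source runs every line through the syslog parser, which can consume the start
# of the line (the stored sample shows ":1" where a client address such as
# "::1" would be expected - presumably this effect). no-parse keeps the whole
# line as the message, which matters when the log is used as evidence.
# NOTE(review): to carry several logs over one port, a tag such as
# program-override("apache_access") could be set here and matched with a
# program() filter on the receiver.
source s_apache_access {
    file("/var/log/apache2/access_testweb_log"
        follow-freq(1)      # check the file for new lines every second
        flags(no-parse)
    );
};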
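# Tails the Apache referer log and passes each line on as the message text.
# Referer-log lines are not syslog-formatted. Without flags(no-parse) the
# file() source runs every line through the syslog parser, which may
# misinterpret or strip the start of the line; no-parse keeps the whole line
# as the message.
# NOTE(review): to carry several logs over one port, a tag such as
# program-override("apache_referer") could be set here and matched with a
# program() filter on the receiver.
source s_apache_referer {
    file("/var/log/apache2/www_referer_log"
        follow-freq(1)      # check the file for new lines every second
        flags(no-parse)
    );
};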
#LOG Destination
# Forwards the access-log stream to 192.168.56.48:16601 with the syslog()
# driver (IETF-syslog) over TCP, IPv4 only.
# NOTE(review): transport("tcp") is unencrypted and unauthenticated, so request
# lines and client addresses are readable and alterable in transit.
# transport("tls") with a tls() block is the hardening to consider; the
# receiver has to be changed at the same time.
destination d_network_access {
    syslog(
        "192.168.56.48"
        port("16601")
        transport("tcp")
        ip-protocol(4)
        persist-name("testweb_access")
    );
};
# Forwards the error-log stream to 192.168.56.48:16602 with the syslog()
# driver (IETF-syslog) over TCP, IPv4 only.
# NOTE(review): transport("tcp") is unencrypted and unauthenticated; error
# messages can expose paths and internal details to anyone on the network path.
# transport("tls") with a tls() block is the hardening to consider; the
# receiver has to be changed at the same time.
destination d_network_error {
    syslog(
        "192.168.56.48"
        port("16602")
        transport("tcp")
        ip-protocol(4)
        persist-name("testweb_error")
    );
};
# Forwards the referer-log stream to 192.168.56.48:16603 with the syslog()
# driver (IETF-syslog) over TCP, IPv4 only.
# NOTE(review): transport("tcp") is unencrypted and unauthenticated; referer
# URLs can carry query strings that should not be readable in transit.
# transport("tls") with a tls() block is the hardening to consider; the
# receiver has to be changed at the same time.
destination d_network_referer {
    syslog(
        "192.168.56.48"
        port("16603")
        transport("tcp")
        ip-protocol(4)
        persist-name("testweb_referer")
    );
};
#LOG connections
# Log paths on the sender: each tailed Apache file goes to its own network
# destination, one TCP port per log type.
log {
    source(s_apache_access);
    destination(d_network_access);
};

log {
    source(s_apache_error);
    destination(d_network_error);
};

log {
    source(s_apache_referer);
    destination(d_network_referer);
};